Ex-Financial Times Journalist Tom Foremski @ the Collision of Technology and Media

27

January

2009

|

12:25 AM

America/Los_Angeles

Data Privacy And The Unreasonable Burden Of Individual Responsibility

Wednesday is national Data Privacy Day which is an opportunity for the computer and financial industries to teach consumers about ways they can avoid scams and numerous criminal exploits on the Internet. But there's a lot to learn.

Why don't the computer, financial services, and online retail companies deal with that stuff behind the scenes, so that consumers can have a pleasant, and protected online experience? Why should consumers shoulder the burden of data privacy and safety?

I think there is a danger that consumers might start to disengage from Internet activities such as online commerce.

These days, buying products online is not as easy as it used to be. It takes a good few extra clicks and keystrokes to purchase anything online. I've abandoned shopping carts because it was getting too much work, too many digits and keystrokes to make a purchase, and I'm sure others have too.

On Wednesday, consumers are going to be harranged with a whole bunch of things they need to do to keep from becoming victims from a long list of online scams.

Why can't the industry take care of data privacy and security transparently, behind the scenes?

That's the question I've been asking Microsoft because I've spent much of Tuesday talking with Microsoft's privacy team as it prepared to release a survey on user privacy attitudes, and prep for a public debate at the San Francisco public library Wednesday evening.

I spoke with Brendan Lynch, director of privacy strategy at Microsoft, and Peter Cullen, GM and Chief Privacy Strategist at Microsoft, and found out that it's not that easy to outsource data privacy to Microsoft, or any other company -- currently there is a lot that individuals need to do to keep safe.

Mr Lynch said that Microsoft set up focus groups that questioned three groups: 18 to 24 year olds, the mid-30s-40s, and the baby boomer 50s and 60s. It turns out that they all agreed that they should take more personal responsibility for data privacy and safety.

"We were quite surprised that there was no generational difference regarding taking responsibility. They all wanted greater control over their personal data privacy," said Mr Lynch.

A cynic might argue that focus groups are vulnerable to leading questions, and that such findings take the pressure off of companies like Microsoft to take responsibility for protecting consumers. After all, Microsoft provides the technology for consumers to access the Internet, and it also provides the server-side technologies for companies to track and target consumers based on their private data. It has to play both sides of the coin.

Mr Cullen, however, disagreed that Microsoft faced a possible conflict of interest. "It's all about value plus privacy. For example, our advertising networks do not rely on any individually identifiable data, everything is anonymous."

He also said that Microsoft has very strict data privacy policies and it is a lead lobbyist for federal data privacy laws (while the rest of the industry wants self-regulation.)

"We believe that we can set an example for other companies," said Mr Cullen.

That's a commendable position but it doesn't mean other companies measure up to Microsoft's standards. How can a consumer compare one company against another?

How does Google measure up to Microsoft, how does Yahoo, eBay, etc measure up in terms of being a good citizen when it comes to data privacy? I couldn't get an answer. But these are the type of questions that consumers will be asking, because they have to make judgements about what is OK in terms of sharing private data.

For example, Amy Barzdukas, Senior Director, Internet Explorer and Consumer Security tells me that the new Internet Explorer 8 has a whole bunch of privacy controls with variable user settings. Users can filter how much or how little private data they are willing to share with third parties. Just one web page can have a multitude of ad networks, web monitoring software, and multiple widgets--all collecting private data and sending it to more than a dozen different companies.

Mr Cullen says that visiting the front page of The New York Times results in 16 different requests by third-parties for private data, and that data is collected without the user noticing.

The new Internet Explorer 8 is able to warn and inform users that they are vulnerable in such situations and it provides a way for users to disable sharing of such data. But it is left up to the user to adjust the privacy settings, which requires a fair amount of education about optimal settings.

And this is just one decision out of many, such as keeping or deleting cookies, recognizing phishing, man-in-the-middle scams, and dozens of other exploits. It's way too much for consumers to keep track of, and the landscape keeps changing. Consumers have to keep up or they become vulnerable. This is too much to expect from consumers, imho.

Like it or not, Microsoft, financial services, and online retail companies will have to take on more responsibility for consumer online safety.

Scaring consumers into being smarter online will only work to a certain degree. The danger is it will scare people away from online commerce--and that will be a huge step backwards for the digital economy.